
Commit c7f2269

author
Chris Raynor
committed
Modifying security rules to use uid and updating auth check
1 parent 06e5ad1 commit c7f2269


2 files changed

+20
-23
lines changed


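--- a/rules.json
+++ b/rules.json
@@ -8,43 +8,43 @@
 ".read": true,
 "$roomId": {
 // Append-only by anyone, and admins can add official rooms, and edit or remove rooms as well.
-".write": "(auth != null) && (!data.exists() || root.child('moderators').hasChild(auth.id) || data.child('createdByUserId').val() === auth.id)",
+".write": "(auth != null) && (!data.exists() || root.child('moderators').hasChild(auth.uid) || data.child('createdByUserId').val() === auth.uid)",
 ".validate": "newData.hasChildren(['name','type'])",
 "id": {
 ".validate": "(newData.val() === $roomId)"
 },
 "createdByUserId": {
-".validate": "(auth.id === newData.val())"
+".validate": "(auth.uid === newData.val())"
 },
 "numUsers": {
 ".validate": "(newData.isNumber())"
 },
 "type": {
-".validate": "('public' === newData.val()) || 'private' === newData.val() || ('official' === newData.val() && (root.child('moderators').hasChild(auth.id)))"
+".validate": "('public' === newData.val()) || 'private' === newData.val() || ('official' === newData.val() && (root.child('moderators').hasChild(auth.uid)))"
 },
 // A list of users that may read messages from this room.
 "authorizedUsers": {
-".write": "(auth != null) && (!data.exists() || root.child('moderators').hasChild(auth.id) || data.hasChild(auth.id))"
+".write": "(auth != null) && (!data.exists() || root.child('moderators').hasChild(auth.uid) || data.hasChild(auth.uid))"
 }
 }
 },
 "room-messages": {
 "$roomId": {
 // A list of messages by room, viewable by anyone for public rooms, or authorized users for private rooms.
-".read": "(root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.id))",
+".read": "(root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.uid))",
 "$msgId": {
 // Allow anyone to append to this list and allow admins to edit or remove.
-".write": "(auth != null) && (data.val() === null || root.child('moderators').hasChild(auth.id)) && (root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.id)) && (!root.child('suspensions').hasChild(auth.id) || root.child('suspensions').child(auth.id).val() < now)",
+".write": "(auth != null) && (data.val() === null || root.child('moderators').hasChild(auth.uid)) && (root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.uid)) && (!root.child('suspensions').hasChild(auth.uid) || root.child('suspensions').child(auth.uid).val() < now)",
 ".validate": "(newData.hasChildren(['userId','name','message','timestamp']))"
 }
 }
 },
 "room-users": {
 "$roomId": {
-".read": "(root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.id))",
+".read": "(root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.uid))",
 "$userId": {
 // A list of users by room, viewable by anyone for public rooms, or authorized users for private rooms.
-".write": "(auth != null) && ($userId === auth.id || root.child('moderators').hasChild(auth.id))",
+".write": "(auth != null) && ($userId === auth.uid || root.child('moderators').hasChild(auth.uid))",
 "$sessionId": {
 ".validate": "(!newData.exists() || newData.hasChildren(['id','name']))"
 }
@@ -54,25 +54,25 @@
 "users": {
 // A list of users and their associated metadata, which can be updated by the single user or a moderator.
 "$userId": {
-".write": "(auth != null) && (auth.id === $userId || (root.child('moderators').hasChild(auth.id)))",
-".read": "(auth != null) && (auth.id === $userId || (root.child('moderators').hasChild(auth.id)))",
+".write": "(auth != null) && (auth.uid === $userId || (root.child('moderators').hasChild(auth.uid)))",
+".read": "(auth != null) && (auth.uid === $userId || (root.child('moderators').hasChild(auth.uid)))",
 ".validate": "($userId === newData.child('id').val())",
 "invites": {
 // A list of chat invitations from other users, append-only by anyone.
 "$inviteId": {
 // Allow the user who created the invitation to read the status of the invitation.
-".read": "(auth != null) && (auth.id === data.child('fromUserId').val())",
-".write": "(auth != null) && (!data.exists() || $userId === auth.id || data.child('fromUserId').val() === auth.id)",
+".read": "(auth != null) && (auth.uid === data.child('fromUserId').val())",
+".write": "(auth != null) && (!data.exists() || $userId === auth.uid || data.child('fromUserId').val() === auth.uid)",
 ".validate": "newData.hasChildren(['fromUserId','fromUserName','roomId']) && (newData.child('id').val() === $inviteId)"
 }
 },
 "notifications": {
 // A list of notifications, which can only be appended to by moderators.
 "$notificationId": {
-".write": "(auth != null) && (data.val() === null) && (root.child('moderators').hasChild(auth.id))",
+".write": "(auth != null) && (data.val() === null) && (root.child('moderators').hasChild(auth.uid))",
 ".validate": "newData.hasChildren(['fromUserId','timestamp','notificationType'])",
 "fromUserId": {
-".validate": "newData.val() === auth.id"
+".validate": "newData.val() === auth.uid"
 }
 }
 }
@@ -83,9 +83,9 @@
 ".read": true,
 "$username": {
 "$sessionId": {
-".write": "(auth != null) && (!data.exists() || !newData.exists() || data.child('id').val() === auth.id)",
+".write": "(auth != null) && (!data.exists() || !newData.exists() || data.child('id').val() === auth.uid)",
 "id": {
-".validate": "(newData.val() === auth.id)"
+".validate": "(newData.val() === auth.uid)"
 },
 "name": {
 ".validate": "(newData.isString())"
@@ -97,8 +97,8 @@
 ".read": "(auth != null)"
 },
 "suspensions": {
-".write": "(auth != null) && (root.child('moderators').hasChild(auth.id))",
-".read": "(auth != null) && (root.child('moderators').hasChild(auth.id))"
+".write": "(auth != null) && (root.child('moderators').hasChild(auth.uid))",
+".read": "(auth != null) && (root.child('moderators').hasChild(auth.uid))"
 }
 }
 }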
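Review bot: The `.read` rules on room-messages/$roomId and room-users/$roomId (new lines 34 and 44 of the first hunk) dereference `auth.uid` without the `(auth != null)` guard that every `.write` rule in this file carries, so for a private room an unauthenticated read reaches `hasChild(auth.uid)` with `auth` null. As far as I know the rules engine treats that as a failed evaluation and denies, which makes this fail-closed, but it leans on an error path rather than an explicit check and is inconsistent with the rest of the file. Consider `|| (auth != null && root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.uid))` on both lines, which keeps public rooms world-readable and makes the private-room deny explicit. The same pattern was present before the commit with `auth.id`, so this is a pre-existing gap the rename carries forward rather than something the commit introduces.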

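--- a/src/js/firechat.js
+++ b/src/js/firechat.js
@@ -250,11 +250,8 @@
 Firechat.prototype.setUser = function(userId, userName, callback) {
 var self = this;
 
-self._firebase.root().child('.info/authenticated').on('value', function(snapshot) {
-var authenticated = snapshot.val();
-if (authenticated) {
-self._firebase.root().child('.info/authenticated').off();
-
+self._firebase.onAuth(function(authData) {
+if (authData) {
 self._userId = userId.toString();
 self._userName = userName.toString();
 self._userRef = self._firebase.child('users').child(self._userId);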
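Review bot: `setUser` still takes the identity from the caller-supplied `userId` argument (`self._userId = userId.toString();`) once `onAuth` fires, while the rules changed in this same commit key every `users/$userId` and `room-users/$roomId/$userId` write to `auth.uid`; if the two differ, the client's writes are rejected server-side with nothing surfaced to the caller. Consider deriving the id from the auth payload, `self._userId = authData.uid;`, or at least comparing the two and reporting the mismatch before continuing. Separately, the replaced `.info/authenticated` listener was detached with `.off()` after the first success, whereas the new `onAuth` listener is not visibly removed, so a later sign-out/sign-in or a second `setUser` call would re-run this body and stack another listener; presumably `offAuth` is the counterpart, worth confirming. The body of `setUser` continues past the end of the hunk, so a cleanup may exist there.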
